Threat Update
Multiple potential mobile threats have emerged recently, with T-Mobile disclosing a data breach caused by SIM swapping attacks, and news surfacing of the Android “SHAREit” app allowing attackers to steal user information. These vulnerabilities could potentially allow for attackers to steal client information, bypass MFA by intercepting calls and messages, and discreetly install malware on devices. SKOUT recommends regularly updating all mobile applications, operating systems, and passwords to ensure the latest security patches are installed and passwords are not compromised. In addition, SKOUT recommends using an account PIN or key with your mobile carrier as an additional layer of security.
Technical Detail & Additional Information
WHAT IS THE THREAT?
- Android SHAREit: A bug in the SHAREit app, an app which has been downloaded over 1 billion times, opened the possibility for attackers to launch a man-in-the-disk (MITD) attack. If this attack is launched on a device, attackers are essentially listening in and spying on the device’s activity. This could lead to the compromise of sensitive information.
- T-Mobile: As a result of social engineering, or after tricking mobile operator employees to switch a phone number to a fraudulent SIM card, attackers were able to take control of targets’ phone numbers. This could have potentially led to MFA bypass, and sensitive information being compromised by attackers.
WHY IS IT NOTEWORTHY?
The vulnerabilities detailed above create threats which are relevant to almost everyone. Many employees use both company and personal smartphones to conduct business in the workplace. We leverage them for communication, storing information, and for authentication into accounts which can store sensitive information. These use cases have only become more frequent in today’s work from home environment. While not every device is an Android or running on T-Mobile per se, the possibility for similar threats arising on other brands and carriers is extremely possible.
WHAT IS THE EXPOSURE OR RISK?
If a device is exploited, the attacker will essentially have access to all data and communications associated with the compromised device. In terms of personal information, the vulnerabilities enable the possibility for attackers to access personal information which could have included customer names, home addresses, e-mail addresses, account numbers, Social Security numbers, PIN numbers, date of birth, and more. It also enabled the possibility of intercepting phone calls and SMS messages, which could lead to more data leaks, and would render certain multi-factor authentication methods useless. Access to this sort of information could lead to identity theft, and to attackers accessing other accounts with similar credentials, which could lead to even more information being leaked.
WHAT ARE THE RECOMMENDATIONS?
The recommendations are consistent for both of these issues, and many other issues of this nature.
• Keep your operating system updated to ensure that the latest security patches are applied.
• Update applications regularly to ensure that the latest security patches are applied.
• Setup an account pin with your mobile carrier as an added verification step.
• Change passwords periodically, to further assure that attackers don’t possess your current password.
• Do not recycle passwords across multiple sensitive accounts.
References:
For more in-depth information about the recommendations, please visit the following links:
- https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/
- https://threatpost.com/unpatched-android-app-billion-downloads-malware/163976/
If you have any questions, please contact our Security Operations Center.
